Proactive Security Investigations | CS0-002: CompTIA CySA+ Exam

Proactive Security Investigations

Question

An organization has not had an incident for several months.

The Chief Information Security Officer (CISO) wants to move to a more proactive stance for security investigations.

Which of the following would BEST meet that goal?

Answers

Explanations



E.

The CISO's goal is to move the organization to a more proactive stance for security investigations, which implies being able to detect and respond to threats before they cause harm. The best way to achieve this goal is to implement threat hunting.

Threat hunting is a proactive approach to security in which analysts search an organization's systems and networks for indicators of compromise (IOCs), anomalous behavior, or other signs of potential threats that automated security tools may have missed. It combines automated and manual techniques, including data analysis, vulnerability scanning, and penetration testing.

Root-cause analysis, active response, and advanced antivirus are reactive measures that are typically taken after a security incident has occurred. Root-cause analysis is used to identify the underlying cause of an incident so that it can be prevented in the future. Active response involves taking immediate action to contain and mitigate the effects of an incident. Advanced antivirus is a more sophisticated version of traditional antivirus software that uses machine learning and behavioral analysis to detect and respond to threats.

Information-sharing communities can be a useful resource for staying up to date on the latest threats and best practices, but they do not in themselves provide a proactive approach to security.

In summary, threat hunting is the best option for achieving the CISO's goal of moving the organization to a more proactive stance for security investigations.
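To make the distinction concrete, here is an added example (not part of the original question or explanation) of a small hypothesis-driven hunt over constructed endpoint process records. It contrasts the reactive check (matching a known-bad hash) with the proactive one (flagging a parent/child process pair seen on only one host, which no signature would catch). The records, host names and hash values are all constructed placeholders.

```python
# Constructed sample endpoint records (not real telemetry).
# Fields: host, parent process, child process, child image hash (placeholder).
EVENTS = [
    ("ws01", "explorer.exe", "chrome.exe", "aaa1"),
    ("ws02", "explorer.exe", "chrome.exe", "aaa1"),
    ("ws03", "explorer.exe", "chrome.exe", "aaa1"),
    ("ws01", "explorer.exe", "outlook.exe", "bbb2"),
    ("ws02", "explorer.exe", "outlook.exe", "bbb2"),
    ("ws03", "explorer.exe", "outlook.exe", "bbb2"),
    ("ws02", "winword.exe", "powershell.exe", "ccc3"),   # one-off outlier, no IOC
    ("ws03", "svchost.exe", "update.exe", "deadbeef"),   # hash is on the IOC list
]

# Hypothetical IOC set, e.g. hashes obtained from an information-sharing feed.
KNOWN_BAD_HASHES = {"deadbeef"}


def ioc_matches(events, bad_hashes):
    """Reactive check: records whose image hash is already known to be bad."""
    return [e for e in events if e[3] in bad_hashes]


def rare_parent_child_pairs(events, max_hosts=1):
    """Proactive check: parent->child pairs observed on at most max_hosts
    distinct hosts. Such long-tail pairs have no signature; they are the
    kind of lead a hunter reviews by hand and either closes or escalates."""
    hosts_per_pair = {}
    for host, parent, child, _ in events:
        hosts_per_pair.setdefault((parent, child), set()).add(host)
    return sorted(pair for pair, hosts in hosts_per_pair.items()
                  if len(hosts) <= max_hosts)


def hunt(events, bad_hashes):
    """Return both lead types so they can be triaged together."""
    return {
        "ioc_hits": ioc_matches(events, bad_hashes),
        "rare_pairs": rare_parent_child_pairs(events),
    }


if __name__ == "__main__":
    for kind, leads in hunt(EVENTS, KNOWN_BAD_HASHES).items():
        print(kind, leads)
```

Note that the winword.exe -> powershell.exe record surfaces only through the frequency analysis, which is the point of hunting: it produces leads where no IOC or antivirus signature exists yet.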